Public bug reported: Currently we wget the ubuntu-cloud template without any integrity verification. We then proceed to execute binaries like /bin/passwd while still in the ubuntu-cloud template (in a chroot, but without any effective containment). We should be verifying that the image we download has not been tampered with.
** Affects: lxc (Ubuntu) Importance: Medium Assignee: Scott Moser (smoser) Status: Triaged ** Changed in: lxc (Ubuntu) Status: New => Triaged ** Changed in: lxc (Ubuntu) Importance: Undecided => Medium ** Changed in: lxc (Ubuntu) Assignee: (unassigned) => Scott Moser (smoser) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1182458 Title: ubuntu-cloud template: use simplestreams to add integrity verification To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1182458/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs